diff --git a/share/wildduck/haraka.tf b/share/wildduck/haraka.tf
index 23be8d2..37d1962 100644
--- a/share/wildduck/haraka.tf
+++ b/share/wildduck/haraka.tf
@@ -88,15 +88,13 @@ resource "kubectl_manifest" "haraka_deploy" {
   EOF
 }
 
-resource "kubectl_manifest" "haraka_config" {
-  yaml_body  = <<-EOF
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: "${var.instance}-haraka"
-      namespace: "${var.namespace}"
-      labels: ${jsonencode(local.haraka-labels)}
-    data:
+resource "kubernetes_config_map_v1" "haraka_config" {
+  metadata {
+    name = "${var.instance}-haraka"
+    namespace = "${var.namespace}"
+    labels = local.haraka-labels
+  }
+  data = yamldecode(<<-EOF
       me: |-
         ${var.sub-domain}.${var.domain-name}
       host_list: |-
@@ -251,6 +249,7 @@ resource "kubectl_manifest" "haraka_config" {
                 DMARC_POLICY_REJECT: "Unauthenticated email from {host} is not accepted due to domain's DMARC policy"
                 RBL_ZONE: '[{host}] was found from Zone RBL'
   EOF
+  )
 }
 
 resource "kubectl_manifest" "haraka_service" {
diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml
index 6e84351..f68c950 100644
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,16 +6,46 @@ metadata:
   name: wildduck
   description: null
 options:
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
   additional-domains:
     default: []
     items:
       type: string
     type: array
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
   redis:
     default:
       exporter:
@@ -54,51 +84,11 @@ options:
     examples:
     - mail
     type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
   ingress-class:
     default: traefik
     examples:
     - traefik
     type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
   images:
     default:
       haraka:
@@ -262,6 +252,16 @@ options:
             type: string
         type: object
     type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
 dependencies:
 - dist: null
   category: dbo
diff --git a/share/wildduck/rspamd.tf b/share/wildduck/rspamd.tf
index a580a39..2affd9d 100644
--- a/share/wildduck/rspamd.tf
+++ b/share/wildduck/rspamd.tf
@@ -56,15 +56,13 @@ resource "kubectl_manifest" "rspamd_deploy" {
   EOF
 }
 
-resource "kubectl_manifest" "rspamd_config" {
-  yaml_body  = <<-EOF
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: "${var.instance}-rspamd"
-      namespace: "${var.namespace}"
-      labels: ${jsonencode(local.rspamd-labels)}
-    data:
+resource "kubernetes_config_map_v1" "rspamd_config" {
+  metadata {
+    name = "${var.instance}-rspamd"
+    namespace = "${var.namespace}"
+    labels = local.rspamd-labels
+  }
+  data = yamldecode(<<-EOF
       worker-normal.conf: |-
         # Included from top-level .conf file
 
@@ -83,6 +81,7 @@ resource "kubectl_manifest" "rspamd_config" {
         servers = "${var.instance}-${var.component}-redis.${var.namespace}.svc:6379";
         db = "4";
   EOF
+  )
 }
 
 resource "kubectl_manifest" "rspamd_service" {
diff --git a/share/wildduck/webmail.tf b/share/wildduck/webmail.tf
index 7b0fc89..b932420 100644
--- a/share/wildduck/webmail.tf
+++ b/share/wildduck/webmail.tf
@@ -65,15 +65,13 @@ resource "kubectl_manifest" "webmail_deploy" {
   EOF
 }
 
-resource "kubectl_manifest" "webmail_config" {
-  yaml_body  = <<-EOF
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: "${var.instance}-webmail"
-      namespace: "${var.namespace}"
-      labels: ${jsonencode(local.webmail-labels)}
-    data:
+resource "kubernetes_config_map_v1" "webmail_config" {
+  metadata {
+    name = "${var.instance}-webmail"
+    namespace = "${var.namespace}"
+    labels = local.webmail-labels
+  }
+  data = yamldecode(<<-EOF
       index.hbs: |-
         <div class="row">
             <div class="col-md-12">
@@ -168,6 +166,7 @@ resource "kubectl_manifest" "webmail_config" {
                 secure=true
                 port=25
   EOF
+  )
 }
 
 resource "kubectl_manifest" "webmail_service" {
diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf
index d73e1bf..084ebb1 100644
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -96,15 +96,13 @@ resource "kubectl_manifest" "wildduck_deploy" {
   EOF
 }
 
-resource "kubectl_manifest" "wildduck_config" {
-  yaml_body  = <<-EOF
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: "${var.instance}-wildduck"
-      namespace: "${var.namespace}"
-      labels: ${jsonencode(local.wildduck-labels)}
-    data:
+resource "kubernetes_config_map_v1" "wildduck_config" {
+  metadata {
+    name = "${var.instance}-wildduck"
+    namespace = "${var.namespace}"
+    labels = local.wildduck-labels
+  }
+  data = yamldecode(<<-EOF
       default.toml: |-
         # Uncomment if you start the app as root and want to downgrade
         # once all privileged actions are completed
@@ -380,6 +378,7 @@ resource "kubectl_manifest" "wildduck_config" {
         # If not set then looping is not tracked
         loopSecret="${local.secrets.srs}"
   EOF
+  )
 }
 
 resource "kubectl_manifest" "wildduck_service_api" {
diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf
index 2ea56ef..c003312 100644
--- a/share/wildduck/zonemta.tf
+++ b/share/wildduck/zonemta.tf
@@ -78,15 +78,13 @@ resource "kubectl_manifest" "zonemta_deploy" {
   EOF
 }
 
-resource "kubectl_manifest" "zonemta_config" {
-  yaml_body  = <<-EOF
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: "${var.instance}-zonemta"
-      namespace: "${var.namespace}"
-      labels: ${jsonencode(local.zonemta-labels)}
-    data:
+resource "kubernetes_config_map_v1" "zonemta_config" {
+  metadata {
+    name = "${var.instance}-zonemta"
+    namespace = "${var.namespace}"
+    labels = local.zonemta-labels
+  }
+  data = yamldecode(<<-EOF
       feeder.toml: |-
         # Default SMTP interface for accepting mail for delivery
         [feeder]
@@ -173,6 +171,7 @@ resource "kubectl_manifest" "zonemta_config" {
             signTransportDomain=false
             hashAlgo="sha256"
   EOF
+  )
 }
 
 resource "kubectl_manifest" "zonemta_service" {